On Fri, December 23, 2016 18:53, Moritz Mühlenhoff wrote:
> Sebastian Andrzej Siewior <sebast...@breakpoint.cc> wrote:
>
> Please use t...@security.debian.org if you want to reach the security
> team, not debian-security@ldo.
>
>> tl;dr: Has anyone a problem if sslscan embeds openssl 1.0.2 in its
>> source?
>
> That's for post-stretch, right? Right now it can simply link against
> the 1.0.2 copy,
>
> Seems fine to me for that use case, and it won't need any security
> updates to the embedded openssl copy for all practical purposes anyway.

I agree, the risk for this use case is quite low, and having tools like
sslscan readily available in Debian is greatly beneficial for security.

Cheers,
Thijs